Password reset

[Florian Weimer]

David Shaw <dshaw@jabberwocky.com> writes:

> Oh, yes, the implementation may make decisions, but the local user
> always has control.

There is nothing in RFC 2440 which mandates the possibility of user
interaction.

> The user always has control.

This might be true for GnuPG running on a general-purpose computer,
but for embedded applications, it is not.  Of course, most embedded
crypto applications use X.509, PKCS somehting, and so on (perhaps with
some proprietary extensions), but there's nothing which would prevent
people from using OpenPGP instead, at least in theory.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898